Decentralization may be the key to protecting our digital identities
This article was written by Debra J. Farber, Privacy Strategist at Hedera Hashgraph
The internet as we know it is down. When it was originally created with the primary purpose of facilitating information sharing, this meant that user security and privacy was little more than an afterthought. The original data architectures were based on the concept of stand-alone computers, which companies used to store data centrally on a server that could be sent or retrieved by a second counterparty. To enjoy the benefits of the Internet both individually and societally, every user needs a digital identity.
There are many interpretations of the term “digital identity” that range from email addresses and social media accounts to actual forms of digital identification such as passports or driver’s licenses used for authentication in real life scenarios. As the UN strives to ensure everyone on the planet has a legal identity by 2030, the topic of digital ID has become more relevant, prompting companies like Microsoft and Accenture to look for ways to providing digital identities to the 1.1 billion people around the world. without any official document.
As we enter a new era where our driver’s licenses are stored on our phones, it’s important to remember that the world was a different place when the foundations of the internet were laid. As a result, the internet we rely on today is still unstable when it comes to user privacy and security. It’s the cause of so many problems – and it’s a big part of why Microsoft and Accenture have turned to blockchain to help the UN achieve its goal of providing every member of the world’s population with a legal identity. over the next decade.
Losing control of our digital identities
According to Statista, the number of social media users worldwide reached 3.6 billion in 2020, and that number is expected to reach 4.41 billion by 2025. On the vast majority of existing social media platforms, customers messaging and the range of other tools we use to communicate online, individual users do not own their digital identity.
Instead, these identities are managed and owned by some of the biggest and most powerful companies in the world. This comes at a cost to our personal, business and financial data. Under the control of large companies, this data is used and analyzed for advertising, marketing and to predict our future collective behaviors.
Banks can see how and where you spend your money; retailers can identify patterns in your shopping habits; while social media platforms know who you know and what interests you. We have seen time and again how this information can be exposed or exploited through the growing number of cyber attacks like the recent ‘catastrophic’ data breach involving the Health Service Executive of Ireland (HSE) and other notable incidents, like the Cambridge Analytica scandal.
What makes this more worrying is the fragmented nature of our digital identities – many longtime internet users would be unable to list the names of every website or app they’ve already signed up for. For many people, there are little bits of our identities strewn across the internet that we can’t even take into account.
This raises a serious question of trust. With more and more devices connected to the Internet, virtually all of our data is still stored centrally: on our computers or other devices, or in the cloud. Can we trust the companies, organizations and institutions that store and manage our data against any form of corruption – internally or externally, on purpose or by accident?
In the case of the HSE cyberattack in Ireland which occurred in May 2021, hackers gained access to highly sensitive data which was stored centrally by the Irish health service. According to the BBC, as of September 2021, 95% of servers and devices had been restored, meaning the HSE has yet to restore all devices and services affected by the incident.
The attack on the Irish health service illustrates how high the stakes can be when it comes to centrally storing data. In comparison, distributed ledger (DLT) technologies store data in cryptographically linked blocks that are nearly impossible to tamper with, ensuring there is no single point of failure, as there is during storage. centralized data.
Take back possession
In order for data protection to meet the privacy standards demanded by 21st century internet users, it is imperative that we aim to empower individuals to control and manage their own identity and the personal data associated with their identity. The key to achieving this is decentralization.
Decentralization provides additional security over the centralized architecture upon which the Internet is based today. With the existing internet, issues such as cloud server configuration errors can lead to data leaks or service disruption. If there is a single point of failure, many parties could have their data compromised if or when a central controller is compromised.
With a decentralized identity, identifiers such as usernames can be replaced with personal identifiers, as opposed to existing usernames that we use, which are owned and controlled by social media companies or other entities. in line. These identities operate within a framework of trust that uses blockchain and DLT to ensure user privacy while enabling secure transactions.
Researchers around the world are working to create alternatives to our existing digital identities through the decentralized web, or Web 3.0. These alternatives use new protocols that remove the need for middlemen during transactions, while further democratizing the web and restoring value to creators and participants. The objective is to allow Internet users to verify their identifiers without depending on intermediaries while managing their own identity. This will create a new internet that is fair, secure, fast and scalable, with more emphasis on security and privacy.
Who is held responsible?
By nature, the data in a distributed ledger is owned by every node, which means that every computer in the network has access to the same data, which allows for more secure and efficient management and storage of data for everyday users and the producers of this data. The challenge, however, remains that existing privacy and data protection regulations require that a single owner be responsible for all data privacy requirements.
One approach for DLT networks to ensure compliance with data privacy regulations is to consider using index numbers linked to personal data in a separate database, rather than storing personal data on the blockchain. Using this approach, an organization can secure and own this database, while still sharing the data under a pseudonym on the blockchain, which will remain anonymous to anyone else who sees the data on the chain.
While this can add a bit more centralization to your dApp, it will keep your business compliant until global laws are updated to recognize and enable all of DLT’s capabilities. While it is not yet a perfect solution, it is currently the best alternative to the existing centralization system and the risks associated with the single point of failure.
By introducing decentralization, dApp developers have the ability to maintain strong and secure data privacy protections for users at all levels. By offering strong privacy defaults and more user-centric options, decentralized data solutions will enable individuals to make informed decisions about their data. As we move closer to realizing the full potential of Web 3.0, existing regulations will be improved to better meet the needs of the blockchain industry and better meet the privacy needs of Internet users.
Debra J. Farber, Privacy Strategist at Hedera Hashgraph
VentureBeat’s mission is to be a digital public place for technical decision-makers to learn about transformative technology and conduct transactions. Our site provides essential information on data technologies and strategies to guide you in managing your organizations. We invite you to become a member of our community, to access:
- up-to-date information on the topics that interest you
- our newsletters
- Closed thought leader content and discounted access to our popular events, such as Transform 2021: Learn more
- networking features, and more
Become a member